Prerequisites
The following steps should already have been done before you install the OSLC Connector for Octane. Please make sure that:
The OAuth client MUST fulfill the following requirements:
has to be a private client (so it has a key and secret)
has to be OIDC
grant type must be authorization codeĀ
the redirect URI must be https://<oslc connector url>/login/oauth2/code/custom
server certificates for your https://genoslc-octane.<your domain> are present. The certificates must fulfill the requirements stated in this section: https://smartfacts.atlassian.net/wiki/spaces/SPD/pages/57180202/Creating+and+testing+the+Certificates+for+Smartfacts#Create-the-certificate
the DNS entry is active for https://genoslc-octane.<your domain>
your OSLC Connector for Octane deployment can reach the target Octane instance; all necessary proxies are configured to allow the communication from the OSLC Connector to the Octane instance
Prepare the Deployment
Add library Repository for the OSLC Connector for Octane
You will need a username and password to download the helm chart and containers from MID's repository. You will receive username and password from your MID contact or from cops@mid.de.
sudo helm repo add library https://repo.secure.mid.de/chartrepo/library --username <USERNAME> --password <PASSWORD> sudo helm repo update
Customize Values File
Change to your user's home directory on the server and create a new text file
values-genoslc-octane.yaml
with the following content:
genoslcToolServiceVersionOverride: "" global: domain: "example.com" oidc: clientId: "" clientSecret: "" cert: overrideTruststorePassword: "changeit" secretName: "" crtFullChain: "" key: "" identity: OIDC_ISSUER: "" hosts: genoslc: subdomain: "genoslc-octane" port: "" env: tool: type: "octane" adaptedToolApiUri: "" adaptedToolRootUri: "" adaptedToolTechnicalUserAuthorizationHeader: "" configuration: administrators: [] oauth10aEncryptionKey: "" oidc: clientId: "" clientSecret: "" secretName: "" userNameAttribute: "preferred_username" clientAuthenticationScheme: "client_secret_basic" userInfoAuthenticationMethod: "header" clientScope: "openid" pkceEnabled: true publicUri: "" pluginUri: "" allowedCorsOrigins: "" knownContextRoots: "" globalConfigurationProvider: "" linkValidityProvider: "" trsEnabled: false containerPort: "8443" port: "8443" debugPortToolService: "" # Defines a proxy used by the OSLC Connector for Octane. proxy: https: # The URL of the https proxy server host: "" # The port of the https proxy server port: "" # A list of IP addresses or URLs devided by the pipe sign '|' nonProxyHosts: "" # Sets the logging level in the application # valid values are: INFO, ERROR, DEBUG, TRACE loggingLevelSpringFramework: "INFO" ingress: enabled: true className: "" annotations: {} tls: secretName: "" # ---------------------------------------------------------------- # ------------------------- Library ------------------------------ # ---------------------------------------------------------------- # Special certtool configuration certtool: # certtool should only be activated on the first deployment and after a certificate update enabled: true mongodb # Deployes a mongodb container inside the pod that the OSLC Connector will use enabled: true
Overwriting the installed version
Use genoslcToolServiceVersionOverride to change the default version set in the helm chart for the tool service. Overwrite the default value when you want to switch to another version, other than the one set as default via the helm chart
genoslcToolServiceVersionOverride: "2024.07.4"
SSL certificates
# SSL certificates cert: overrideTruststorePassword: "changeit" secretName: "" crtFullChain: "" key: ""
Domain and subdomain
In the global
section you must specify the domain
and subdomain
that form the base URL where the OSLC Connector for Octane will be accessible.
global: domain: "example.com" hosts: genoslc: subdomain: "genoslc-octane" port: ""
This will result in genoslc-octane.example.com to become the URL where the OSLC Connector is established.
OIDC Issuer
The OIDC issuer must be configured in the global
section in order to establish the connection between the application and the SSO. The issuer URL value has to be retrieved from the /.well-known/openid-configuration endpoint of the SSO (RFC 8414 - OAuth 2.0 Authorization Server Metadata (ietf.org))
global: identity: OIDC_ISSUER: "https://keycloak.brand.de/realms/Connector"
Configuring the OIDC client
After configuring the OIDC client in your SSO provider you must set the OIDC client ID and client secret.
env: oidc: clientId: octaneClient clientSecret: e932235d-2349-fd26-bcdb-93hw3f43aab9
The OIDC client MUST fulfill the following requirements:
has to be a private client (so it has a key and secret)
grant type must be authorization codeĀ
the redirect URI must be https://<oslc connector url>/login/oauth2/code/custom
Setting up a connection to the Octane instance
Adapting a Octane instance
There are two URLs that must be set before a integration with the API and UI of Octane can be achieved. The first one is adaptedToolRootUri
and it represents the base URL of your Octane instance. The second one is adaptedToolApiUri
and represents the API URL of Octane. This usually follows the following path formats:
https://<octane instance URL>/
env: tool: adaptedToolApiUri: "https://octane.com" adaptedToolRootUri: "https://octane.com"
Technical user authorization for TRS generation
The value for adaptedToolTechnicalUserAuthorizationHeader
must be a valid Basic authorization header. The credentials are base64 encoded.
Setting the adaptedToolTechnicalUserAuthorizationHeader
is mandatory if TRS feed generation is required.
env: tool: adaptedToolTechnicalUserAuthorizationHeader: "Basic dXNlcm5hbWU6cGFzc3dvcmQ="
List of OSLC Connector for Octane administrators
Provide a list of up to 5 usernames which will have the administration right to change protected settings in the OSLC Connector. Inbound details and Outbound details can be managed only by administrators. At least one administrator user must be stated here.
env: configuration: administrators: []
Encrypt oauth10a configuration data
Set the encryption key used to encrypt and decrypt the oauth10a configuration data in the database.
env: configuration: oauth10aEncryptionKey: "encryption-key"
Overwrite global OIDC configuration
This optional section can be used to overwrite the OIDC client configuration used by the OSLC Connector for Octane when the helm chart bundles multiple applications together.
Set the env.oidc.clientId
and env.oidc.clientSecret
in order to overwrite the values from global.oidc.clientId
and global.oidc.clientSecret
respectively.
Alternatively you can provide the name of the Kubernetes secret and the values for clientId
and clientSecret
will be fetched from the specified secret.
env: oidc: clientId: "" clientSecret: "" secretName: ""
User name attribute
Used to set the JWT claim to be used for user identification. Examples are preferred_username, sub, oid.
env: userNameAttribute: "preferred_username"
Client authentication scheme
Sets the client authentication method to be used in the authentication process. Valid values are: client_secret_basic, client_secret_post, none. Default value is "client_secret_basic"
env: clientAuthenticationScheme: "client_secret_basic"
User info authentication method
Sets the user info authentication method. Valid values are: header, form, query
env: userInfoAuthenticationMethod: "header"
Client scopes
Sets the client scopes used in the authentication process. Default value "openid". The value is a comma separated list of scopes (e.g. "read, write").
env: clientScope: "openid"
PKCE
Sets the application to use PKCE when authenticating the user https://oauth.net/2/pkce/. Default value is true. Set pkceEnabled to false if the OIDC provider does not support PKCE.
env: pkceEnabled: true
Public URI and Plugin URI
The env.publicUri
variable sets the URL where the OSLC Connector for Octane is accessible. This is mandatory and has to be set.
The env.pluginUri
sets the URL where the OSLC Connector for Octane is accessible and must be in the form of <env.publicUri>/spa. This variable is also mandatory and must be set.
env: publicUri: "" pluginUri: ""
Allowed CORS URLs
This is a comma separated list of applications that are allowed to make requests to the OSLC Connector API like third party applications that read data from the OSLC Connector for Octane.
env: allowedCorsOrigins: "https://smartfacts.com"
Known context roots
This is a comma separated list URLs of other OSLC Connectors (Smartfacts, Jama, PREEvision, Octane, DOORS Classic) that are connect to this instance via an association.
env: knownContextRoots: "https://genoslc-codebeamer.smartfacts.com"
Global Configuration Provider
Sets the Global Configuration provider. An example is https://<ibm-elm>/gc. Setting the value is optional but is mandatory if IBM ELM link validity is required.
env: globalConfigurationProvider: ""
Link Validity Provider
Sets the Link Validity Provider. Examples:
https://<ibm-elm>/jts/elm
https://<smartfacts>/platform/elm
env: linkValidityProvider: ""
Enabling TRS
Enables TRS feed generation. Requires a technical user to be set via the env.tool.adaptedToolTechnicalUserAuthorizationHeader
if it's enabled.
TRS feed exposes base artifacts and changes that occurred in synchronized Octane projects.
Enable it only if a third party tool is accessing the TRS feed of this OSLC Connector to index data.
env: trsEnabled: false
Install the OSLC Connector for Octane
Execute the Installation
Enter the following command to execute the Installation:
sudo helm upgrade --install genoslc-octane library/genoslc -f values-genoslc-octane.yaml --version 3.0.1 -n genoslc-octane --create-namespace
Add Comment